
Sometimes it also happens during network troubleshooting engagements, but it is also common for analysis jobs regarding network forensics: dealing with a huge number of packets, sometimes millions or more. Two typical situations may have you scratch your head: either you have one huge file containing all packets at once, or you have a ton of small files that you need to look at. So let’s see how we can still tackle both.

First, let’s look at having only one huge file to deal with, which in my case starts at about 256MBytes and above in size. It’s not so much that Wireshark can’t load the file – because it often can, at least the recent versions. But when I end up with files larger than that – sometimes more than 10GBytes in size – that won’t work anymore. I often set up my captures for file sizes of 128 or 256MBytes, because they are still “okay-ish” when opened in Wireshark – it takes some time to load and filter them, but it’s not too bad.
